diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/AuditedLogoutHandler.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/AuditedLogoutHandler.java
index 3b3ad87ca3c..1d2b6212016 100644
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/AuditedLogoutHandler.java
+++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/AuditedLogoutHandler.java
@@ -1,116 +1,115 @@
-/*
- * Copyright (c) 2010-2013 Evolveum and contributors
- *
- * This work is dual-licensed under the Apache License 2.0
- * and European Union Public License. See LICENSE file for details.
- */
-
-package com.evolveum.midpoint.web.security;
-
-import com.evolveum.midpoint.audit.api.AuditEventRecord;
-import com.evolveum.midpoint.audit.api.AuditEventStage;
-import com.evolveum.midpoint.audit.api.AuditEventType;
-import com.evolveum.midpoint.audit.api.AuditService;
-import com.evolveum.midpoint.gui.api.GuiConstants;
-import com.evolveum.midpoint.gui.api.util.WebComponentUtil;
-import com.evolveum.midpoint.model.api.authentication.MidpointAuthentication;
-import com.evolveum.midpoint.model.api.authentication.ModuleAuthentication;
-import com.evolveum.midpoint.model.api.authentication.StateOfModule;
-import com.evolveum.midpoint.prism.PrismObject;
-import com.evolveum.midpoint.schema.constants.SchemaConstants;
-import com.evolveum.midpoint.schema.result.OperationResultStatus;
-import com.evolveum.midpoint.security.api.MidPointPrincipal;
-import com.evolveum.midpoint.task.api.Task;
-import com.evolveum.midpoint.task.api.TaskManager;
-import com.evolveum.midpoint.util.logging.Trace;
-import com.evolveum.midpoint.util.logging.TraceManager;
-import com.evolveum.midpoint.web.security.filter.MidpointAuthFilter;
-import com.evolveum.midpoint.web.security.util.SecurityUtils;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
-import org.apache.commons.lang3.StringUtils;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-
-/**
- * @author lazyman
- */
-public class AuditedLogoutHandler extends SimpleUrlLogoutSuccessHandler {
-
- private static final transient Trace LOGGER = TraceManager.getTrace(AuditedLogoutHandler.class);
-
- @Autowired
- private TaskManager taskManager;
- @Autowired
- private AuditService auditService;
-
- boolean useDefaultUrl = false;
-
- private boolean useDefaultUrl() {
- return useDefaultUrl;
- }
-
- @Override
- public void setDefaultTargetUrl(String defaultTargetUrl) {
- super.setDefaultTargetUrl(defaultTargetUrl);
- this.useDefaultUrl = true;
- }
-
- @Override
- public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
- throws IOException, ServletException {
-
- String targetUrl;
- if (useDefaultUrl()) {
- targetUrl = getDefaultTargetUrl();
- } else {
- targetUrl = GuiConstants.DEFAULT_PATH_AFTER_LOGOUT;
- }
-
- if (authentication instanceof MidpointAuthentication) {
- MidpointAuthentication mpAuthentication = (MidpointAuthentication) authentication;
- ModuleAuthentication moduleAuthentication = mpAuthentication.getProcessingModuleAuthentication();
- if (mpAuthentication.getAuthenticationChannel() != null) {
- targetUrl = mpAuthentication.getAuthenticationChannel().getPathDuringProccessing();
- }
- }
-
- if (response.isCommitted()) {
- LOGGER.debug("Response has already been committed. Unable to redirect to " + targetUrl);
- } else {
- getRedirectStrategy().sendRedirect(request, response, targetUrl);
- }
-
- auditEvent(request, authentication);
- }
-
- private void auditEvent(HttpServletRequest request, Authentication authentication) {
- MidPointPrincipal principal = SecurityUtils.getPrincipalUser(authentication);
- PrismObject user = principal != null ? principal.getUser().asPrismObject() : null;
-
- Task task = taskManager.createTaskInstance();
- task.setOwner(user);
- task.setChannel(SchemaConstants.CHANNEL_GUI_USER_URI);
-
- AuditEventRecord record = new AuditEventRecord(AuditEventType.TERMINATE_SESSION, AuditEventStage.REQUEST);
- record.setInitiator(user);
- record.setParameter(WebComponentUtil.getName(user, false));
-
- record.setChannel(SchemaConstants.CHANNEL_GUI_USER_URI);
- record.setTimestamp(System.currentTimeMillis());
- record.setOutcome(OperationResultStatus.SUCCESS);
-
- // probably not needed, as audit service would take care of it; but it doesn't hurt so let's keep it here
- record.setHostIdentifier(request.getLocalName());
- record.setRemoteHostAddress(request.getLocalAddr());
- record.setNodeIdentifier(taskManager.getNodeId());
- record.setSessionIdentifier(request.getRequestedSessionId());
-
- auditService.audit(record, task);
- }
-}
+/*
+ * Copyright (c) 2010-2013 Evolveum and contributors
+ *
+ * This work is dual-licensed under the Apache License 2.0
+ * and European Union Public License. See LICENSE file for details.
+ */
+
+package com.evolveum.midpoint.web.security;
+
+import com.evolveum.midpoint.audit.api.AuditEventRecord;
+import com.evolveum.midpoint.audit.api.AuditEventStage;
+import com.evolveum.midpoint.audit.api.AuditEventType;
+import com.evolveum.midpoint.audit.api.AuditService;
+import com.evolveum.midpoint.gui.api.GuiConstants;
+import com.evolveum.midpoint.gui.api.util.WebComponentUtil;
+import com.evolveum.midpoint.model.api.authentication.MidpointAuthentication;
+import com.evolveum.midpoint.model.api.authentication.ModuleAuthentication;
+import com.evolveum.midpoint.model.api.authentication.StateOfModule;
+import com.evolveum.midpoint.prism.PrismObject;
+import com.evolveum.midpoint.schema.constants.SchemaConstants;
+import com.evolveum.midpoint.schema.result.OperationResultStatus;
+import com.evolveum.midpoint.security.api.MidPointPrincipal;
+import com.evolveum.midpoint.task.api.Task;
+import com.evolveum.midpoint.task.api.TaskManager;
+import com.evolveum.midpoint.util.logging.Trace;
+import com.evolveum.midpoint.util.logging.TraceManager;
+import com.evolveum.midpoint.web.security.filter.MidpointAuthFilter;
+import com.evolveum.midpoint.web.security.util.SecurityUtils;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * @author lazyman
+ */
+public class AuditedLogoutHandler extends SimpleUrlLogoutSuccessHandler {
+
+ private static final transient Trace LOGGER = TraceManager.getTrace(AuditedLogoutHandler.class);
+
+ @Autowired
+ private TaskManager taskManager;
+ @Autowired
+ private AuditService auditService;
+
+ boolean useDefaultUrl = false;
+
+ private boolean useDefaultUrl() {
+ return useDefaultUrl;
+ }
+
+ @Override
+ public void setDefaultTargetUrl(String defaultTargetUrl) {
+ super.setDefaultTargetUrl(defaultTargetUrl);
+ this.useDefaultUrl = true;
+ }
+
+ @Override
+ public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
+ throws IOException, ServletException {
+
+ String targetUrl = null;
+ if (useDefaultUrl()) {
+ targetUrl = getDefaultTargetUrl();
+ } else {
+ targetUrl = GuiConstants.DEFAULT_PATH_AFTER_LOGOUT;
+ }
+
+ if (authentication instanceof MidpointAuthentication) {
+ MidpointAuthentication mpAuthentication = (MidpointAuthentication) authentication;
+ if (mpAuthentication.getAuthenticationChannel() != null) {
+ targetUrl = mpAuthentication.getAuthenticationChannel().getPathDuringProccessing();
+ }
+ }
+
+ if (response.isCommitted()) {
+ LOGGER.debug("Response has already been committed. Unable to redirect to " + targetUrl);
+ } else {
+ getRedirectStrategy().sendRedirect(request, response, targetUrl);
+ }
+
+ auditEvent(request, authentication);
+ }
+
+ private void auditEvent(HttpServletRequest request, Authentication authentication) {
+ MidPointPrincipal principal = SecurityUtils.getPrincipalUser(authentication);
+ PrismObject user = principal != null ? principal.getUser().asPrismObject() : null;
+
+ Task task = taskManager.createTaskInstance();
+ task.setOwner(user);
+ task.setChannel(SchemaConstants.CHANNEL_GUI_USER_URI);
+
+ AuditEventRecord record = new AuditEventRecord(AuditEventType.TERMINATE_SESSION, AuditEventStage.REQUEST);
+ record.setInitiator(user);
+ record.setParameter(WebComponentUtil.getName(user, false));
+
+ record.setChannel(SchemaConstants.CHANNEL_GUI_USER_URI);
+ record.setTimestamp(System.currentTimeMillis());
+ record.setOutcome(OperationResultStatus.SUCCESS);
+
+ // probably not needed, as audit service would take care of it; but it doesn't hurt so let's keep it here
+ record.setHostIdentifier(request.getLocalName());
+ record.setRemoteHostAddress(request.getLocalAddr());
+ record.setNodeIdentifier(taskManager.getNodeId());
+ record.setSessionIdentifier(request.getRequestedSessionId());
+
+ auditService.audit(record, task);
+ }
+}
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/channel/GuiAuthenticationChannel.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/channel/GuiAuthenticationChannel.java
index 479d259d873..44bbaf3d5d0 100644
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/channel/GuiAuthenticationChannel.java
+++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/channel/GuiAuthenticationChannel.java
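Review bot: `record.setRemoteHostAddress(request.getLocalAddr())` in `auditEvent` stores the server's own address as the remote host of the TERMINATE_SESSION record, so unless the audit service overwrites the field (the comment above it only guesses that it might) the logout audit trail never identifies the client; the client side of the connection is `request.getRemoteAddr()`, i.e. `record.setRemoteHostAddress(request.getRemoteAddr());`. The record is also written only after `sendRedirect` has been issued, so a failing `auditService.audit` leaves a terminated session with no audit entry while the user has already been sent on; calling `auditEvent` before the redirect block would make the audit write the first thing the handler does. Minor: `String targetUrl = null;` is a redundant initializer because both branches of the following `if` assign it, and `ModuleAuthentication`, `StateOfModule`, `MidpointAuthFilter`, `UserType` and `StringUtils` are imported but no longer used anywhere in the file.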
@@ -1,53 +1,54 @@
-/*
- * Copyright (c) 2010-2019 Evolveum and contributors
- *
- * This work is dual-licensed under the Apache License 2.0
- * and European Union Public License. See LICENSE file for details.
- */
-package com.evolveum.midpoint.web.security.channel;
-
-import com.evolveum.midpoint.gui.api.util.WebModelServiceUtils;
-import com.evolveum.midpoint.model.api.ModelInteractionService;
-import com.evolveum.midpoint.model.api.authentication.AuthenticationChannel;
-import com.evolveum.midpoint.model.api.authentication.ModuleWebSecurityConfiguration;
-import com.evolveum.midpoint.schema.constants.SchemaConstants;
-import com.evolveum.midpoint.schema.util.SecurityPolicyUtil;
-import com.evolveum.midpoint.security.api.Authorization;
-import com.evolveum.midpoint.task.api.TaskManager;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceChannelType;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.commons.lang3.Validate;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
-
-import java.util.Collection;
-
-import static org.springframework.security.saml.util.StringUtils.stripSlashes;
-
-/**
- * @author skublik
- */
-
-public class GuiAuthenticationChannel extends AuthenticationChannelImpl {
-
- private TaskManager taskManager;
- private ModelInteractionService modelInteractionService;
-
- public GuiAuthenticationChannel(TaskManager taskManager, ModelInteractionService modelInteractionService) {
- this.taskManager = taskManager;
- this.modelInteractionService = modelInteractionService;
- }
-
- public String getChannelId() {
- return SchemaConstants.CHANNEL_USER_URI;
- }
-
- public String getPathAfterSuccessfulAuthentication() {
- if (WebModelServiceUtils.isPostAuthenticationEnabled(taskManager, modelInteractionService)) {
- return "/self/postAuthentication";
- }
-
- return super.getPathAfterSuccessfulAuthentication();
- }
-
-}
+/*
+ * Copyright (c) 2010-2019 Evolveum and contributors
+ *
+ * This work is dual-licensed under the Apache License 2.0
+ * and European Union Public License. See LICENSE file for details.
+ */
+package com.evolveum.midpoint.web.security.channel;
+
+import com.evolveum.midpoint.gui.api.util.WebModelServiceUtils;
+import com.evolveum.midpoint.model.api.ModelInteractionService;
+import com.evolveum.midpoint.model.api.authentication.AuthenticationChannel;
+import com.evolveum.midpoint.model.api.authentication.ModuleWebSecurityConfiguration;
+import com.evolveum.midpoint.schema.constants.SchemaConstants;
+import com.evolveum.midpoint.schema.util.SecurityPolicyUtil;
+import com.evolveum.midpoint.security.api.Authorization;
+import com.evolveum.midpoint.task.api.TaskManager;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceChannelType;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.lang3.Validate;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+
+import java.util.Collection;
+
+import static org.springframework.security.saml.util.StringUtils.stripSlashes;
+
+/**
+ * @author skublik
+ */
+
+public class GuiAuthenticationChannel extends AuthenticationChannelImpl {
+
+ private TaskManager taskManager;
+ private ModelInteractionService modelInteractionService;
+
+ public GuiAuthenticationChannel(AuthenticationSequenceChannelType channel, TaskManager taskManager, ModelInteractionService modelInteractionService) {
+ super(channel);
+ this.taskManager = taskManager;
+ this.modelInteractionService = modelInteractionService;
+ }
+
+ public String getChannelId() {
+ return SchemaConstants.CHANNEL_USER_URI;
+ }
+
+ public String getPathAfterSuccessfulAuthentication() {
+ if (WebModelServiceUtils.isPostAuthenticationEnabled(taskManager, modelInteractionService)) {
+ return "/self/postAuthentication";
+ }
+
+ return super.getPathAfterSuccessfulAuthentication();
+ }
+
+}
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/channel/SelfRegistrationAuthenticationChannel.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/channel/SelfRegistrationAuthenticationChannel.java
index 5dac2a161aa..a3636f3d8fb 100644
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/channel/SelfRegistrationAuthenticationChannel.java
+++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/channel/SelfRegistrationAuthenticationChannel.java
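Review bot: The new constructor hands `channel` straight to `super(channel)` and stores the two services without validating any of them, although `Validate` is already imported (and otherwise unused) in this file; `Validate.notNull(channel, "channel");` as the first statement would fail fast at the factory call instead of wherever the stored channel is first dereferenced, assuming `AuthenticationChannelImpl` does not check it itself. As a point of style, `taskManager` and `modelInteractionService` are assigned only in the constructor and could be `private final`, and `getChannelId()` / `getPathAfterSuccessfulAuthentication()` appear to override superclass methods (the latter certainly does, given the `super.` call) yet carry no `@Override`. The file also keeps imports nothing in it uses (`ModuleWebSecurityConfiguration`, `SecurityPolicyUtil`, `Authorization`, `StringUtils`, `Authentication`, `SecurityContextHolder`, `Collection`, `stripSlashes`), which a whole-file rewrite like this one was the opportunity to drop.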
@@ -1,169 +1,169 @@
-/*
- * Copyright (c) 2010-2019 Evolveum and contributors
- *
- * This work is dual-licensed under the Apache License 2.0
- * and European Union Public License. See LICENSE file for details.
- */
-package com.evolveum.midpoint.web.security.channel;
-
-import com.evolveum.midpoint.gui.api.util.WebModelServiceUtils;
-import com.evolveum.midpoint.model.api.ModelService;
-import com.evolveum.midpoint.prism.Objectable;
-import com.evolveum.midpoint.prism.PrismContext;
-import com.evolveum.midpoint.prism.PrismObject;
-import com.evolveum.midpoint.prism.delta.ObjectDelta;
-import com.evolveum.midpoint.schema.constants.SchemaConstants;
-import com.evolveum.midpoint.schema.result.OperationResult;
-import com.evolveum.midpoint.schema.result.OperationResultStatus;
-import com.evolveum.midpoint.schema.util.ObjectTypeUtil;
-import com.evolveum.midpoint.security.api.Authorization;
-import com.evolveum.midpoint.security.api.AuthorizationConstants;
-import com.evolveum.midpoint.security.api.MidPointPrincipal;
-import com.evolveum.midpoint.security.api.SecurityContextManager;
-import com.evolveum.midpoint.task.api.Task;
-import com.evolveum.midpoint.task.api.TaskManager;
-import com.evolveum.midpoint.util.exception.CommonException;
-import com.evolveum.midpoint.util.logging.Trace;
-import com.evolveum.midpoint.util.logging.TraceManager;
-import com.evolveum.midpoint.web.page.login.PageLogin;
-import com.evolveum.midpoint.web.page.login.PageRegistrationConfirmation;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
-import org.apache.commons.collections4.CollectionUtils;
-import org.jetbrains.annotations.NotNull;
-import org.springframework.security.authentication.AuthenticationServiceException;
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.context.SecurityContextHolder;
-
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Iterator;
-import java.util.List;
-import java.util.stream.Collectors;
-
-/**
- * @author skublik
- */
-
-public class SelfRegistrationAuthenticationChannel extends AuthenticationChannelImpl {
-
- private static final Trace LOGGER = TraceManager.getTrace(SelfRegistrationAuthenticationChannel.class);
-
- private static final String DOT_CLASS = SelfRegistrationAuthenticationChannel.class.getName() + ".";
-
- private static final String OPERATION_LOAD_USER = DOT_CLASS + "loadUser";
- private static final String OPERATION_FINISH_REGISTRATION = DOT_CLASS + "finishRegistration";
-
-// private TaskManager taskManager;
-// private SecurityContextManager securityContextManager;
-// private ModelService modelService;
-
- public SelfRegistrationAuthenticationChannel() {
-
- }
-
- public String getChannelId() {
- return SchemaConstants.CHANNEL_GUI_SELF_REGISTRATION_URI;
- }
-
- public String getPathAfterSuccessfulAuthentication() {
- return "/registration/result";
- }
-
- public String getPathAfterUnsuccessfulAuthentication() {
- return "/";
- }
-
- @Override
- public String getSpecificLoginUrl() {
- return "/registration";
- }
-
-// @Override
-// public void postSuccessAuthenticationProcessing() {
-// OperationResult result = new OperationResult(OPERATION_FINISH_REGISTRATION);
-// try {
-// MidPointPrincipal principal = (MidPointPrincipal) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
-// UserType user = principal.getUser();
-// PrismObject administrator = getAdministratorPrivileged(result);
-//
-// assignDefaultRoles(user.getOid(), administrator, result);
-// result.computeStatus();
-// if (result.getStatus() == OperationResultStatus.FATAL_ERROR) {
-// LOGGER.error("Failed to assign default roles, {}", result.getMessage());
-// } else {
-// NonceType nonceClone = user.getCredentials().getNonce().clone();
-// removeNonceAndSetLifecycleState(user.getOid(), nonceClone, administrator, result);
-// assignAdditionalRoleIfPresent(user.getOid(), nonceClone, administrator, result);
-// result.computeStatus();
-// }
-// initLayout(result);
-// } catch (CommonException | AuthenticationException e) {
-// result.computeStatus();
-// initLayout(result);
-// }
-// }
-//
-// @NotNull
-// public PrismObject getAdministratorPrivileged(OperationResult parentResult) throws CommonException {
-// OperationResult result = parentResult.createSubresult(OPERATION_LOAD_USER);
-// TaskManager manager = taskManager;
-// Task task = manager.createTaskInstance(OPERATION_LOAD_USER);
-//
-// task.setChannel(SchemaConstants.CHANNEL_GUI_USER_URI);
-// try {
-// return securityContextManager.runPrivilegedChecked(() -> {
-// return modelService
-// .getObject(UserType.class, SystemObjectsType.USER_ADMINISTRATOR.value(), null, task, result);
-// });
-// } catch (Throwable t) {
-// LOGGER.error("Couldn't get administrator privileged");
-// throw t;
-// } finally {
-// result.computeStatusIfUnknown();
-// }
-// }
-//
-// private void assignDefaultRoles(String userOid, PrismObject administrator, OperationResult parentResult) throws CommonException {
-// List rolesToAssign = getSelfRegistrationConfiguration().getDefaultRoles();
-// if (CollectionUtils.isEmpty(rolesToAssign)) {
-// return;
-// }
-//
-// OperationResult result = parentResult.createSubresult(OPERATION_ASSIGN_DEFAULT_ROLES);
-// try {
-// PrismContext prismContext = getPrismContext();
-// List assignmentsToCreate = rolesToAssign.stream()
-// .map(ref -> ObjectTypeUtil.createAssignmentTo(ref, prismContext))
-// .collect(Collectors.toList());
-// ObjectDelta delta = prismContext.deltaFor(UserType.class)
-// .item(UserType.F_ASSIGNMENT).addRealValues(assignmentsToCreate)
-// .asObjectDelta(userOid);
-// runAsChecked(() -> {
-// Task task = createSimpleTask(OPERATION_ASSIGN_DEFAULT_ROLES);
-// WebModelServiceUtils.save(delta, result, task, PageRegistrationConfirmation.this);
-// return null;
-// }, administrator);
-// } catch (CommonException|RuntimeException e) {
-// throw new AuthenticationServiceException("PageRegistrationConfirmation.message.assignDefaultRoles.fatalError", e);
-// } finally {
-// result.computeStatusIfUnknown();
-// }
-// }
-
-
- @Override
- public boolean isSupportActivationByChannel() {
- return false;
- }
-
- @Override
- public Collection resolveAuthorities(Collection authorities) {
- ArrayList newAuthorities = new ArrayList();
- AuthorizationType authorizationType = new AuthorizationType();
- authorizationType.getAction().add(AuthorizationConstants.AUTZ_UI_SELF_REGISTRATION_FINISH_URL);
- Authorization selfServiceCredentialsAuthz = new Authorization(authorizationType);
- newAuthorities.add(selfServiceCredentialsAuthz);
- authorities.addAll(newAuthorities);
- return authorities;
- }
-}
+/*
+ * Copyright (c) 2010-2019 Evolveum and contributors
+ *
+ * This work is dual-licensed under the Apache License 2.0
+ * and European Union Public License. See LICENSE file for details.
+ */
+package com.evolveum.midpoint.web.security.channel;
+
+import com.evolveum.midpoint.gui.api.util.WebModelServiceUtils;
+import com.evolveum.midpoint.model.api.ModelService;
+import com.evolveum.midpoint.prism.Objectable;
+import com.evolveum.midpoint.prism.PrismContext;
+import com.evolveum.midpoint.prism.PrismObject;
+import com.evolveum.midpoint.prism.delta.ObjectDelta;
+import com.evolveum.midpoint.schema.constants.SchemaConstants;
+import com.evolveum.midpoint.schema.result.OperationResult;
+import com.evolveum.midpoint.schema.result.OperationResultStatus;
+import com.evolveum.midpoint.schema.util.ObjectTypeUtil;
+import com.evolveum.midpoint.security.api.Authorization;
+import com.evolveum.midpoint.security.api.AuthorizationConstants;
+import com.evolveum.midpoint.security.api.MidPointPrincipal;
+import com.evolveum.midpoint.security.api.SecurityContextManager;
+import com.evolveum.midpoint.task.api.Task;
+import com.evolveum.midpoint.task.api.TaskManager;
+import com.evolveum.midpoint.util.exception.CommonException;
+import com.evolveum.midpoint.util.logging.Trace;
+import com.evolveum.midpoint.util.logging.TraceManager;
+import com.evolveum.midpoint.web.page.login.PageLogin;
+import com.evolveum.midpoint.web.page.login.PageRegistrationConfirmation;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
+import org.apache.commons.collections4.CollectionUtils;
+import org.jetbrains.annotations.NotNull;
+import org.springframework.security.authentication.AuthenticationServiceException;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.context.SecurityContextHolder;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.List;
+import java.util.stream.Collectors;
+
+/**
+ * @author skublik
+ */
+
+public class SelfRegistrationAuthenticationChannel extends AuthenticationChannelImpl {
+
+ private static final Trace LOGGER = TraceManager.getTrace(SelfRegistrationAuthenticationChannel.class);
+
+ private static final String DOT_CLASS = SelfRegistrationAuthenticationChannel.class.getName() + ".";
+
+ private static final String OPERATION_LOAD_USER = DOT_CLASS + "loadUser";
+ private static final String OPERATION_FINISH_REGISTRATION = DOT_CLASS + "finishRegistration";
+
+// private TaskManager taskManager;
+// private SecurityContextManager securityContextManager;
+// private ModelService modelService;
+
+ public SelfRegistrationAuthenticationChannel(AuthenticationSequenceChannelType channel) {
+ super(channel);
+ }
+
+ public String getChannelId() {
+ return SchemaConstants.CHANNEL_GUI_SELF_REGISTRATION_URI;
+ }
+
+ public String getPathAfterSuccessfulAuthentication() {
+ return "/registration/result";
+ }
+
+ public String getPathAfterUnsuccessfulAuthentication() {
+ return "/";
+ }
+
+ @Override
+ public String getSpecificLoginUrl() {
+ return "/registration";
+ }
+
+// @Override
+// public void postSuccessAuthenticationProcessing() {
+// OperationResult result = new OperationResult(OPERATION_FINISH_REGISTRATION);
+// try {
+// MidPointPrincipal principal = (MidPointPrincipal) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
+// UserType user = principal.getUser();
+// PrismObject administrator = getAdministratorPrivileged(result);
+//
+// assignDefaultRoles(user.getOid(), administrator, result);
+// result.computeStatus();
+// if (result.getStatus() == OperationResultStatus.FATAL_ERROR) {
+// LOGGER.error("Failed to assign default roles, {}", result.getMessage());
+// } else {
+// NonceType nonceClone = user.getCredentials().getNonce().clone();
+// removeNonceAndSetLifecycleState(user.getOid(), nonceClone, administrator, result);
+// assignAdditionalRoleIfPresent(user.getOid(), nonceClone, administrator, result);
+// result.computeStatus();
+// }
+// initLayout(result);
+// } catch (CommonException | AuthenticationException e) {
+// result.computeStatus();
+// initLayout(result);
+// }
+// }
+//
+// @NotNull
+// public PrismObject getAdministratorPrivileged(OperationResult parentResult) throws CommonException {
+// OperationResult result = parentResult.createSubresult(OPERATION_LOAD_USER);
+// TaskManager manager = taskManager;
+// Task task = manager.createTaskInstance(OPERATION_LOAD_USER);
+//
+// task.setChannel(SchemaConstants.CHANNEL_GUI_USER_URI);
+// try {
+// return securityContextManager.runPrivilegedChecked(() -> {
+// return modelService
+// .getObject(UserType.class, SystemObjectsType.USER_ADMINISTRATOR.value(), null, task, result);
+// });
+// } catch (Throwable t) {
+// LOGGER.error("Couldn't get administrator privileged");
+// throw t;
+// } finally {
+// result.computeStatusIfUnknown();
+// }
+// }
+//
+// private void assignDefaultRoles(String userOid, PrismObject administrator, OperationResult parentResult) throws CommonException {
+// List rolesToAssign = getSelfRegistrationConfiguration().getDefaultRoles();
+// if (CollectionUtils.isEmpty(rolesToAssign)) {
+// return;
+// }
+//
+// OperationResult result = parentResult.createSubresult(OPERATION_ASSIGN_DEFAULT_ROLES);
+// try {
+// PrismContext prismContext = getPrismContext();
+// List assignmentsToCreate = rolesToAssign.stream()
+// .map(ref -> ObjectTypeUtil.createAssignmentTo(ref, prismContext))
+// .collect(Collectors.toList());
+// ObjectDelta delta = prismContext.deltaFor(UserType.class)
+// .item(UserType.F_ASSIGNMENT).addRealValues(assignmentsToCreate)
+// .asObjectDelta(userOid);
+// runAsChecked(() -> {
+// Task task = createSimpleTask(OPERATION_ASSIGN_DEFAULT_ROLES);
+// WebModelServiceUtils.save(delta, result, task, PageRegistrationConfirmation.this);
+// return null;
+// }, administrator);
+// } catch (CommonException|RuntimeException e) {
+// throw new AuthenticationServiceException("PageRegistrationConfirmation.message.assignDefaultRoles.fatalError", e);
+// } finally {
+// result.computeStatusIfUnknown();
+// }
+// }
+
+
+ @Override
+ public boolean isSupportActivationByChannel() {
+ return false;
+ }
+
+ @Override
+ public Collection resolveAuthorities(Collection authorities) {
+ ArrayList newAuthorities = new ArrayList();
+ AuthorizationType authorizationType = new AuthorizationType();
+ authorizationType.getAction().add(AuthorizationConstants.AUTZ_UI_SELF_REGISTRATION_FINISH_URL);
+ Authorization selfServiceCredentialsAuthz = new Authorization(authorizationType);
+ newAuthorities.add(selfServiceCredentialsAuthz);
+ authorities.addAll(newAuthorities);
+ return authorities;
+ }
+}
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/factory/channel/GuiChannelFactory.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/factory/channel/GuiChannelFactory.java
index ff52dd5310f..badea55b110 100644
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/factory/channel/GuiChannelFactory.java
+++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/factory/channel/GuiChannelFactory.java
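Review bot: `resolveAuthorities` inserts the `AUTZ_UI_SELF_REGISTRATION_FINISH_URL` authorization into the very collection the caller passed in and returns that same instance, so the extra authority ends up in whatever the caller still holds (or the call throws `UnsupportedOperationException` for an unmodifiable collection); the caller is outside this hunk, so whether that side effect is relied upon cannot be seen here, but building the result as `new ArrayList<>(authorities)`, adding `selfServiceCredentialsAuthz` to the copy and returning the copy would make the method side-effect free and also removes the need for the one-element `newAuthorities` list. The method also uses raw `Collection` and `ArrayList`; if `AuthenticationChannelImpl` declares the method with a type parameter, the same parameterized type should be used here rather than raw types. The new constructor was the natural place either to wire the `taskManager` / `securityContextManager` / `modelService` dependencies or to delete the roughly ninety lines of commented-out `postSuccessAuthenticationProcessing` code that reference them; as committed, `LOGGER`, `OPERATION_LOAD_USER` and `OPERATION_FINISH_REGISTRATION` are referenced only from that dead block.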
@@ -1,45 +1,45 @@
-/*
- * Copyright (c) 2010-2019 Evolveum and contributors
- *
- * This work is dual-licensed under the Apache License 2.0
- * and European Union Public License. See LICENSE file for details.
- */
-package com.evolveum.midpoint.web.security.factory.channel;
-
-import com.evolveum.midpoint.model.api.ModelInteractionService;
-import com.evolveum.midpoint.model.api.authentication.AuthenticationChannel;
-import com.evolveum.midpoint.schema.constants.SchemaConstants;
-import com.evolveum.midpoint.task.api.TaskManager;
-import com.evolveum.midpoint.web.security.channel.AuthenticationChannelImpl;
-import com.evolveum.midpoint.web.security.channel.GuiAuthenticationChannel;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceChannelType;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-
-/**
- * @author skublik
- */
-@Component
-public class GuiChannelFactory extends AbstractChannelFactory {
-
- @Autowired
- private TaskManager taskManager;
-
- @Autowired
- private ModelInteractionService modelInteractionService;
-
- @Override
- public boolean match(String channelId) {
- return SchemaConstants.CHANNEL_USER_URI.equals(channelId);
- }
-
- @Override
- public AuthenticationChannel createAuthChannel(AuthenticationSequenceChannelType channel) throws Exception {
- return new GuiAuthenticationChannel(taskManager, modelInteractionService);
- }
-
- @Override
- protected Integer getOrder() {
- return 10;
- }
-}
+/*
+ * Copyright (c) 2010-2019 Evolveum and contributors
+ *
+ * This work is dual-licensed under the Apache License 2.0
+ * and European Union Public License. See LICENSE file for details.
+ */
+package com.evolveum.midpoint.web.security.factory.channel;
+
+import com.evolveum.midpoint.model.api.ModelInteractionService;
+import com.evolveum.midpoint.model.api.authentication.AuthenticationChannel;
+import com.evolveum.midpoint.schema.constants.SchemaConstants;
+import com.evolveum.midpoint.task.api.TaskManager;
+import com.evolveum.midpoint.web.security.channel.AuthenticationChannelImpl;
+import com.evolveum.midpoint.web.security.channel.GuiAuthenticationChannel;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceChannelType;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+/**
+ * @author skublik
+ */
+@Component
+public class GuiChannelFactory extends AbstractChannelFactory {
+
+ @Autowired
+ private TaskManager taskManager;
+
+ @Autowired
+ private ModelInteractionService modelInteractionService;
+
+ @Override
+ public boolean match(String channelId) {
+ return SchemaConstants.CHANNEL_USER_URI.equals(channelId);
+ }
+
+ @Override
+ public AuthenticationChannel createAuthChannel(AuthenticationSequenceChannelType channel) throws Exception {
+ return new GuiAuthenticationChannel(channel, taskManager, modelInteractionService);
+ }
+
+ @Override
+ protected Integer getOrder() {
+ return 10;
+ }
+}
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/factory/channel/SelfRegistrationChannelFactory.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/factory/channel/SelfRegistrationChannelFactory.java
index 6347c051255..90467457094 100644
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/factory/channel/SelfRegistrationChannelFactory.java
+++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/factory/channel/SelfRegistrationChannelFactory.java
@@ -1,35 +1,35 @@
-/*
- * Copyright (c) 2010-2019 Evolveum and contributors
- *
- * This work is dual-licensed under the Apache License 2.0
- * and European Union Public License. See LICENSE file for details.
- */
-package com.evolveum.midpoint.web.security.factory.channel;
-
-import com.evolveum.midpoint.model.api.authentication.AuthenticationChannel;
-import com.evolveum.midpoint.schema.constants.SchemaConstants;
-import com.evolveum.midpoint.web.security.channel.RestAuthenticationChannel;
-import com.evolveum.midpoint.web.security.channel.SelfRegistrationAuthenticationChannel;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceChannelType;
-import org.springframework.stereotype.Component;
-
-/**
- * @author skublik
- */
-@Component
-public class SelfRegistrationChannelFactory extends AbstractChannelFactory {
- @Override
- public boolean match(String channelId) {
- return SchemaConstants.CHANNEL_GUI_SELF_REGISTRATION_URI.equals(channelId);
- }
-
- @Override
- public AuthenticationChannel createAuthChannel(AuthenticationSequenceChannelType channel) throws Exception {
- return new SelfRegistrationAuthenticationChannel();
- }
-
- @Override
- protected Integer getOrder() {
- return 10;
- }
-}
+/*
+ * Copyright (c) 2010-2019 Evolveum and contributors
+ *
+ * This work is dual-licensed under the Apache License 2.0
+ * and European Union Public License. See LICENSE file for details.
+ */
+package com.evolveum.midpoint.web.security.factory.channel;
+
+import com.evolveum.midpoint.model.api.authentication.AuthenticationChannel;
+import com.evolveum.midpoint.schema.constants.SchemaConstants;
+import com.evolveum.midpoint.web.security.channel.RestAuthenticationChannel;
+import com.evolveum.midpoint.web.security.channel.SelfRegistrationAuthenticationChannel;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceChannelType;
+import org.springframework.stereotype.Component;
+
+/**
+ * @author skublik
+ */
+@Component
+public class SelfRegistrationChannelFactory extends AbstractChannelFactory {
+ @Override
+ public boolean match(String channelId) {
+ return SchemaConstants.CHANNEL_GUI_SELF_REGISTRATION_URI.equals(channelId);
+ }
+
+ @Override
+ public AuthenticationChannel createAuthChannel(AuthenticationSequenceChannelType channel) throws Exception {
+ return new SelfRegistrationAuthenticationChannel(channel);
+ }
+
+ @Override
+ protected Integer getOrder() {
+ return 10;
+ }
+}